The attack on the website of Brian Krebs and the release of the Mirai malware
source code demonstrate the challenges that face the anti-bot world. At its
peak, the Krebs on Security DDoS attack was generating 620 Gbps of traffic,
mostly from IoT devices. With the ever-increasing number of internet-connected
devices, and their current security shortcomings, it should come as little
surprise that the scale of DDoS attacks is increasing.

One of the most mind-boggling statistics from the Krebs story was the cost of
defending against the level of attack his website was subjected to. It was
estimated that it would cost between $150,000 and $200,000 to buy protection at
that scale for a year. It is perhaps unsurprising then that the free protection
he was getting could not be continued and his site had to be taken down.

DDoS attacks are employing more devices and becoming more sophisticated, and it
is becoming harder and harder to respond. We should use every weapon at our
disposal to prevent, detect and repulse this fraudulent traffic.

The Mirai botnet adds devices to its network by searching for those whose
default passwords have not been changed. This is not a sophisticated and
elegant solution; it is a brute force attack. Like being
vaccinated to improve the immunity of the herd, those of us who know better
should be ensuring all of our devices are locked down and secure to help reduce
the scale of these attacks. This includes the myriad new IoT devices that most
people barely realise have processors. Cameras, digital video recorders,
printers and routers all have processors in them, some of them surprisingly
beefy, and we need to ensure we are taking basic steps to protect them from
being hijacked.

As part of our efforts to secure our customers’ APIs, we think quite hard about
DDoS. With DDoSers becoming ever more sophisticated, the character of their
attacks is evolving. DDoS is becoming more dynamic, sometimes starting as a
pure volumetric attack before adapting and exploiting application layer
vulnerabilities. Attacks are also lasting longer and, as we can see from
the Krebs attack, getting ever more intense.

Approov works against application layer DDoS attacks and sits behind a pure
volumetric DDoS mitigation solution. It provides another level of protection
by allowing you to check whether API calls to your servers, which may call
expensive operations, are originating within an authentic mobile app.

By using our SDK, we can positively identify traffic which comes from a known
good source. Under normal operation this information is not as important because
your servers can cope with the load. When your servers begin to suffer under a
sustained onslaught from a massive botnet, the temptation might be to batten
down the hatches and weather the storm. But while you are being inundated with
malicious traffic, real customers are still trying to use your app. Identifying
known good traffic allows you to treat it differently; you can give it
priority access to the servers while rate limiting the suspicious requests.
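
The prioritisation described above, as an added example that is not Approov's SDK or API: requests carrying a valid attestation token always get priority, while under overload all unattested requests share one small token bucket, so a large botnet cannot consume the reserved capacity. The token format (base64url claims plus an HMAC-SHA256 tag), `SECRET`, the class and function names and the thresholds are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-secret"  # assumption: key shared with the attestation service

def sign(payload: dict, secret: bytes = SECRET) -> str:
    """Build a constructed sample token: base64url(JSON claims) + '.' + hex HMAC-SHA256."""
    body = base64.urlsafe_b64encode(json.dumps(payload).encode()).decode()
    return body + "." + hmac.new(secret, body.encode(), hashlib.sha256).hexdigest()

def is_attested(token, now: float) -> bool:
    """True only for a correctly signed, unexpired token; anything malformed fails closed."""
    try:
        body, mac = token.split(".")
        expected = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(mac, expected):  # constant-time comparison
            return False
        return json.loads(base64.urlsafe_b64decode(body))["exp"] > now
    except (AttributeError, ValueError, KeyError, TypeError):
        return False

class Admission:
    """Attested traffic always passes; unattested traffic shares one bucket once load is high."""
    def __init__(self, overload_at=0.8, rate=1.0, burst=2):
        self.overload_at, self.rate, self.burst = overload_at, rate, burst
        self.tokens, self.last = float(burst), None  # shared budget for unattested requests

    def decide(self, token, load: float, now: float) -> str:
        if is_attested(token, now):
            return "priority"      # known good source: never rate limited
        if load < self.overload_at:
            return "allow"         # normal operation: servers can cope with the load
        elapsed = 0.0 if self.last is None else max(0.0, now - self.last)
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return "allow"
        return "throttle"          # suspicious traffic beyond the shared budget
```

A single shared bucket is used here rather than per-IP limits because the traffic in question comes from very many distinct devices, each of which may stay under any per-client threshold.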

The trends for DDoS attacks look set to continue upward, so it is important to
do all we can to protect ourselves. Approov is one part of the puzzle, helping
you to defend your API from application layer attacks and ensuring your
customers can continue to use your apps no matter what the internet is throwing
at you.